Search This Blog

Add SSL to your personal website

Give yourself a gift this holiday season, and add SSL to your personal site. The web is going secure, and it's time to be part of the solution. This article details how I turned on SSL + custom domains, plus automated deploys, for my personal site for the cost of a domain (which I already had) and $5/year. Read on!

Turns out, it's easier (and more affordable!) than you think to add SSL to your website. But first, why bother? There are lots of reasons why you should care about adding SSL:

Search engines are preferring SSL

New web APIs (like service worker) mandate SSL

Users trust SSL

Bonus: SSL can help enable HTTP/2 on some servers

Your setup will vary, so look for the easiest/shortest path to SSL for your particular site. Everyone has factors they want to optimize for. Here's what I was trying to optimize, as I looked for a solution.

I needed a solution that was:

Affordable

The solution should be very, very affordable. Affordable, in this context, means "as close to free as possible". My personal website is extremely low traffic. It doesn't make sense for me to pay a lot of money for something so small.

Easy

I don't have time to manage my personal site. The solution has to be simple and quick.

Sustainable

Because I don't have time to manage my site, I need a solution that is "set and forget" for as long as possible.

GitHub friendly

My site's source is on GitHub, and I needed a hosting+SSL solution that integrated with a "push to deploy" model.

Static file friendly

My personal site is extremely simple. I don't need anything other than a few static files.

Works with Custom Domains

I want to use my own domain.

I looked at a lot of options. Here's what didn't work for me, for a variety of reasons. They may work for you.

Managing my own VPS (e.g. on Digital Ocean or EC2).

This option completely rules out easy and sustainable. Manual configuration of servers, or keeping linux distros up to date, are two things I absolutely do not want to be doing.

Google Cloud Storage

GCS does serve static files, and even supports custom domains. However, they don't support custom domains and SSL. Bummer. It also doesn't support basic static file hosting feature like redirects, so it's probably not an option anyway.

GitHub Pages

Great integration with GitHub (of course :), but don't they don't support custom domains and SSL. They support custom domains, and SSL via the github.io domain, just not custom domains and SSL together at the same time.

Amazon Web Services

I'm not aware of an AWS product that meets my needs. Maybe they have some awesome static file server with custom domains and SSL and git integration? I didn't see one.

Firebase Static Hosting

This open is actually really good, and it was almost my solution. Their setup is very simple, they support custom domains and SSL, and they have decent GitHub integration (it requires just a little bit of scripting to deploy after a push). The only downside is that it costs $5/month for custom domains (but, the certificate is free and provided by Firebase). $60/year is a small price, especially considering the Firebase gives you an SSL certificate for free! Also, their static hosting is very good: they give you configuration options for redirects, custom 404 pages, and more. It's a very good option for most people. But, if $60/year is an issue (and it was hard for me to justify $60/year for a site that maybe serves 60 pages a year :), keep reading.

I should also note that it doesn't appear that Firebase supports IPv6 hosting. At least, their instructions didn't tell me to add IPv6 addresses to my DNS. This is probably a minor thing.

The hosting option that did work for me, after a lot of searching and reading, was: Google App Engine.

Google App Engine has a few things that made it a winner for me:

A completely free tier.

My personal site is way, way, way under the free tier limits.

Runs itself

App Engine just keeps on trucking, especially for a simple static site.

Custom domains

No need to upgrade to a paid tier to get this feature.

Custom certificates

You need to upload your own certification, but you don't need to upgrade to a paid tier to get this feature.

Fine for simple static sites

For just a few pages, App Engine's configuration is decent. It's not as simple as Firebase's, but I don't anticipate needing redirects.

Can be deployed from a push to GitHub

Travis to the rescue! The free Travis CI system can trigger a deploy to App Engine, when you push to GitHub.

Support for "naked domains"

App Engine can now serve http://example.com. For the longest time, they request a subdomain, but naked domains now work.

Supports IPv6

Because future.

Google App Engine isn't perfect. If you want to do any redirects, you need to start writing Python. And it's not obvious how to setup App Engine for pure static hosting, nor is App Engine the simplest way to serve a static site (e.g. it's not good at recognizing optional trailing slashes in URL paths), but it can be done.

The next question was: where do I get an inexpensive SSL certificate? I looked around, and there are a lot of options and resellers. I purchased a three-year personal cert from https://ssls.com for a total of $15. That's 1/4 the price of one year of hosting with Firebase. The fact that I found a very affordable SSL cert is what really made App Engine a winner for me.

I assume you know about GitHub, how to get an App Engine account, and how to connect Travis to automate the builds. I know this looks like a lot of steps, but, remember, I'm doing three things here: custom domains, SSL, and automated deploys.

Here's a list of docs and some manual steps that helped me get my personal website setup for custom domain, SSL, and automated deploys from GitHub:

You may need to perform additional verification steps. For example, I had to verify that I owned by domain by uploading a file to a special location on my server that serves my domain name.

Generating a service account from the Google Cloud Console

You can create a Service Account by going to the Google Cloud Console, go to “APIs & auth” -> “Credentials”, then click “Add Credential” and “Service Account”, finally clicking “JSON” to download the JSON key.

Popular posts from this blog

Now, this has to have a built-in somewhere in Scala , because it just seems too common. So, how to convert an Array to a List in Scala? Why do I need this? I needed to drop to Java for some functionality, which in this case returns an Array. I wanted to get that Array into a List to practice my functional programming skillz. **Update**: I figured out how to convert Arrays to Lists the Scala way. Turns out it's a piece of cake. val myList = List.fromArray(Array("one", "two", "three")) or val myList = Array("one","two","three").elements.toList The call to elements returns an Iterator , and from there you can convert to a List via toList . Nice. Because my first version wasn't actually tail recursive, what follows is a true tail recursive solution, if I were to implement this by hand. The above, built in mechanism is much better, though. object ArrayUtil { def toList[a](array: Array[a]): List[a] = { d

In which I port a snazzy little JavaScript audio web app to Dart , discover a bug, and high-five type annotations. Here's what I learned. [As it says in the header of this blog, I'm a seasoned Dart developer. However, I certainly don't write Dart every day (I wish!). Don't interpret this post as "Hi, I'm new to Dart". Instead, interpret this post as "I'm applying what I've been documenting."] This post analyzes two versions of the same app, both the original (JavaScript) version and the Dart version. The original version is a proxy for any small JavaScript app, there's nothing particularly special about the original version, which is why it made for a good example. This post discusses the differences between the two implementations: file organization, dependencies and modules, shims, classes, type annotations, event handling, calling multiple methods, asynchronous programming, animation, and interop with JavaScript libraries. F

In which the virtues of automated mechanical arboreal pruning are extolled over quaint manual labor, as applied to web development build processes. The setup Ever notice how the primary bit of marketing for many traditional web programming libraries is their download size? Why is that? Check this out: Why does size matter so much for these libraries? Your first instinct is probably, "because the more bytes you shuttle across the wire, the slower the app starts up." Yes, this is true. I'd also say you're wrong. The primary reason that size matters for these libraries is because traditional web development has no intelligent or automated way to prune unused code so you can ship only the code that is used over the wire. The web is full of links, yet web dev has no linker The web development workflow is missing a linking step. A linker's job is to combine distinct project files into a single executable. A smart linker will only incl